NIST Calls for Suggestions to Speed Computer Incident Teams Responses

The National Institute of Standards and Technology (NIST) has issued a Request for Information (RFI)* seeking guidance for a new special publication focused on improving coordination between Computer Security Incident Response Teams (CSIRTs) and reducing delays when reacting to computer security incidents.

Even though government and industry defend their information systems against hackers, attacks are sometimes successful. When that happens, speed is of the essence.

NIST's existing Computer Security Incident Handling Guide** provides guidance on organizing a CSIRT, detecting attacks, preventing ongoing damage, repairing systems, restarting operations and reporting breaches.

The RFI calls for input for a new publication, Computer Security Incident Coordination, which will supply guidance, methodologies, procedures and processes to cut response time and limit information loss when multiple organizations are involved.

NIST requests information about best practices, impediments to information sharing and response, risks of collaborative incident response, successful technical standards and technologies, and viewpoints on incident coordination objectives. Authors will use results from the RFI and other information from agencies and stakeholders to draft the new publication.

Please email comments to incidentcoordination [at] nist.gov (incidentcoordination[at]nist[dot]gov) by July 29, 2013 and include your name, company name, and cite "Computer Security Incident Coordination" in all correspondence. All comments received by the deadline will be posted at csrc.nist.gov without change or redaction. For more information see the RFI, or contact Lee Badger at lee.badger [at] nist.gov (lee[dot]badger[at]nist[dot]gov).